authorEd Tanous <ed@tanous.net>2024-03-22 03:26:34 +0300
committerEd Tanous <ed@tanous.net>2024-03-22 03:32:38 +0300
commite10f0176d66a2737edefec71f40376566769712b (patch)
treea5f9f1a527d762ceab60a15df7d2fc410fea9854 /include
parent325310d3c5b7de591533a00d9cf26054fa0c0f9d (diff)
Revert "Refactor after login"
This reverts commit cd40b060ee2df5469077a70d15590f86158f2c60. Cookie-based login is no longer functional with the reverted patch. It looks like we got a merge conflict that I resolved incorrectly. Tested: Webui can now log in. Change-Id: I60b8aeae173b1838d8745a2c499fbcb410813ef3
Diffstat (limited to 'include')
-rw-r--r--include/login_routes.hpp51
1 files changed, 28 insertions, 23 deletions
diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index 1030e6db85..ae99757ef8 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -17,25 +17,6 @@ namespace crow
namespace login_routes
{
-inline void
- afterAuthenticateUser(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
- std::string_view username,
- const boost::asio::ip::address& ipAddress,
- int32_t pamrc)
-{
- bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
- if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
- {
- asyncResp->res.result(boost::beast::http::status::unauthorized);
- return;
- }
- auto session =
- persistent_data::SessionStore::getInstance().generateUserSession(
- username, ipAddress, std::nullopt,
- persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly);
- // if content type is json, assume json token
- asyncResp->res.jsonValue["token"] = session->sessionToken;
-}
inline void handleLogin(const crow::Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
@@ -170,14 +151,38 @@ inline void handleLogin(const crow::Request& req,
password = req.getHeaderValue("password");
}
- if (username.empty() || password.empty())
+ if (!username.empty() && !password.empty())
+ {
+ int pamrc = pamAuthenticateUser(username, password);
+ bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
+ if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
+ {
+ asyncResp->res.result(boost::beast::http::status::unauthorized);
+ }
+ else
+ {
+ auto session = persistent_data::SessionStore::getInstance()
+ .generateUserSession(
+ username, req.ipAddress, std::nullopt,
+ persistent_data::PersistenceType::TIMEOUT,
+ isConfigureSelfOnly);
+
+ asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
+ "XSRF-TOKEN=" + session->csrfToken +
+ "; SameSite=Strict; Secure");
+ asyncResp->res.addHeader(boost::beast::http::field::set_cookie,
+ "SESSION=" + session->sessionToken +
+ "; SameSite=Strict; Secure; HttpOnly");
+
+ // if content type is json, assume json token
+ asyncResp->res.jsonValue["token"] = session->sessionToken;
+ }
+ }
+ else
{
BMCWEB_LOG_DEBUG("Couldn't interpret password");
asyncResp->res.result(boost::beast::http::status::bad_request);
- return;
}
- int pamrc = pamAuthenticateUser(username, password);
- afterAuthenticateUser(asyncResp, username, req.ipAddress, pamrc);
}
inline void handleLogout(const crow::Request& req,
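Review bot: The comment `// if content type is json, assume json token` above the `asyncResp->res.jsonValue["token"]` assignment does not describe the restored code: nothing in the branch inspects the content type, so the session token is written into the response body on every successful login, next to the SESSION cookie that carries the same value with HttpOnly. The body copy is readable by whatever consumes the response, so HttpOnly protects only the cookie transport, not the token value itself; that is worth stating explicitly if it is the intended contract for bearer-token clients, e.g. `// Always return the token in the body as well, for clients that authenticate with a bearer token rather than the session cookie`. If the body copy was meant to be conditional, the write should be gated on the same request content-type decision that selects how the credentials are parsed earlier in handleLogin, which is outside this hunk. handleLogin begins before this hunk.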